Hello everyone,

I just updated the schannel branch on github again. The following things have been implemented since my last email:

- SSL/TLS session handling
- SSL/TLS re-negotiation

The remaining TODOs are now reduced to:

- implement write buffering
- implement SSL/TLS shutdown
- implement client certificates
- implement server certificates
- implement algorithm option

But especially the re-negotiation part requires more testing.

Best regards,
Marc

2012/4/9 Marc Hörsken <[email protected]>
>
> Hello everyone,
>
> this weekend I took the time to create a new SSL/TLS module for libcurl.
> It is now possible to use the Windows SSPI Schannel API for SSL and TLS
> connections.
>
> The new module makes use of the existing SSPI functionality in
> curl_sspi.[ch] and also re-uses the DLL/library context if it has been
> loaded.
> Basically Curl_schannel_init calls Curl_sspi_global_init
> and Curl_schannel_cleanup calls Curl_sspi_global_cleanup.
>
> More information about SSPI and the Schannel API:
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx#sspi_functions
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms678421(v=vs.85).aspx
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924(v=vs.85).aspx
>
> TLSv1, SSLv3 and SSLv2, including SNI is already supported. The following
> aspects/features are still on my TODO list:
>
> implement session handling and re-use
> implement write buffering
> implement verification options
> implement verification results
> implement SSL/TLS shutdown
> special cases: negotiation, certificates, algorithms
>
> The great news behind all this is, that it is now possible to do SSL/TLS
> with curl, but without openssl on Windows. This means that the Windows
> certificate store is used and there are no other dependencies which need to
> be installed. (Using user supplied certificates and client-auth is on my
> TODO list, but not implemented yet.)
>
> You can find the current implementation in my fork at github.com:
> https://github.com/mback2k/curl/tree/schannel
> https://github.com/mback2k/curl/compare/schannel
> I am not attaching patches yet, because I am still cleaning up some things
> and consider the project a work-in-progress.
>
> I also haven't modified the autotools buildscripts yet. I only added a new
> option to the winbuild scripts. You can now pass WITH_SSL=schannel to them,
> for example:
>>
>> nmake /f Makefile.vc mode=dll ENABLE_IDN=no WITH_SSL=schannel
>
>
> I would appreciate it if some of you could start testing this and give me
> feedback on functionality and code. Also I would appreciate any help
> modifying the autotools scripts to make cross-compilation using mingw
> possible.
>
> That's it for now, thanks in advance and please give it a try!
>
> Best regards,
> Marc
